Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d0b2abea authored by Ramaprasad Nagaraj's avatar Ramaprasad Nagaraj Committed by Shivakumar Malke
Browse files

msm: ais: smmu: Use get_file to increase ref count 



Due to race condition, fd pointing to a particular dma buf
is released by userspace  before incrementing ref count and
hence freed that dma buf. When the call returns it still uses
the freed dma buf causing use-after-free.

This fix includes get_file API to increment ref count
before dma_buf_fd.

CRs-Fixed: 3341070
Change-Id: Iede8f2fa21da43318e9085289aacf946418b53b7
Signed-off-by: default avatarShivakumar Malke <quic_smalke@quicinc.com>
Signed-off-by: default avatarRamaprasad Nagaraj <quic_ramapras@quicinc.com>
parent 127320ab
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment